Security bulletin: 2011-003
Released: 02/03/11
The following issue has been identified:
Synopsis
A possibility of an attack was found that could lead to Denial of Service (DoS) of the store.
State
Resolved in OXID eShop version 4.4.6.
Impact
By requesting specially crafted URLs, an attacker can cause a new cache entry to be created for every requested page, so under a DoS attack the server may run out of resources (disk or memory).
No exploits are known as of today.
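The following is an added illustration of the cache-keying weakness described above and of two mitigations; it is example code written for this bulletin, not code from OXID eShop. It assumes a hypothetical allow-list of query parameters (cl, cnid, anid, pgNr, lang) and a constructed set of sample requests. A naive key built from the raw URL string mints a fresh entry for every variation, while a key that keeps only known parameters in canonical order collapses them, and a bounded LRU store caps growth even if keying goes wrong.

```python
from collections import OrderedDict
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed allow-list of query parameters that actually influence the rendered
# page (hypothetical names chosen for this example, not OXID's configuration).
ALLOWED_PARAMS = {"cl", "cnid", "anid", "pgNr", "lang"}


def naive_cache_key(url: str) -> str:
    """Weak keying: any distinct URL string becomes a distinct cache entry."""
    return url


def normalized_cache_key(url: str) -> str:
    """Hardened keying: keep only allow-listed parameters, sorted, so unknown or
    reordered parameters map onto the same entry instead of creating new ones."""
    parts = urlsplit(url)
    params = sorted(
        (k, v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
        if k in ALLOWED_PARAMS
    )
    return parts.path + ("?" + urlencode(params) if params else "")


class BoundedCache:
    """LRU page cache with a hard entry cap: a defence in depth so that even a
    keying mistake cannot exhaust disk or memory."""

    def __init__(self, max_entries: int):
        self.max_entries = max_entries
        self._store: "OrderedDict[str, str]" = OrderedDict()

    def get_or_render(self, key: str, render) -> str:
        if key in self._store:
            self._store.move_to_end(key)  # mark as recently used
            return self._store[key]
        page = render(key)
        self._store[key] = page
        if len(self._store) > self.max_entries:
            self._store.popitem(last=False)  # evict least recently used
        return page

    def __len__(self) -> int:
        return len(self._store)


# Constructed sample traffic: the same two pages requested with reordered and
# junk parameters, as a crafted-URL flood would look from the server side.
SAMPLE_REQUESTS = [
    "/index.php?cl=details&anid=123",
    "/index.php?anid=123&cl=details",
    "/index.php?cl=details&anid=123&junk=a1",
    "/index.php?cl=details&anid=123&junk=a2",
    "/index.php?cl=alist&cnid=7&pgNr=1",
    "/index.php?cl=alist&cnid=7&pgNr=1&x=zzz",
]


def simulate(key_func, max_entries: int = 1000):
    """Replay SAMPLE_REQUESTS through a cache using key_func.
    Returns (entries held at the end, number of page renders performed)."""
    cache = BoundedCache(max_entries)
    renders = 0

    def render(key: str) -> str:
        nonlocal renders
        renders += 1
        return f"<html>{key}</html>"

    for url in SAMPLE_REQUESTS:
        cache.get_or_render(key_func(url), render)
    return len(cache), renders


if __name__ == "__main__":
    print("naive keying      ->", simulate(naive_cache_key))        # (6, 6)
    print("normalized keying ->", simulate(normalized_cache_key))   # (2, 2)
    print("naive + cap of 3  ->", simulate(naive_cache_key, 3))     # (3, 6)
```

Only the normalized key prevents the flood from multiplying entries; the cap alone limits the damage but still leaves every crafted request doing a full render, so both controls belong together.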
Affected products, releases and platforms
Products:
- OXID eShop Enterprise Edition
Releases:
- Enterprise Edition: 4.0.0.0_13895, 4.0.0.0_13934, 4.0.0.0_14260, 4.0.0.1_14455, 4.0.0.2_14842, 4.0.0.2_14967, 4.0.1.0_15990, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.0, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4 and 4.4.5.
Platforms:
- Above releases are affected on all platforms.
Resolution
The issue has been addressed in the following releases:
- OXID eShop Enterprise Edition version 4.4.6
Credits
The security issue has been found during one of our regular security audits.
Stay up-to-date
To receive upcoming OXID Security Bulletins, please subscribe to the mailing lists or the Announcement forum.
How to report security issues
Learn how to report security issues in the Security overview page.